CCIE Security Practice Test 2 Which of the following aaa accounting command is used to enable logging of the start and stop records for users terminal sessions on the router? #aaa accounting system start-stop tacacs+ #aaa accounting exec start-stop tacacs+ #aaa accounting commands 15 start-stop tacacs+ None Which of the following represents a step that should be taken when a security policy is developed? Perform quantitative risk analysis Determine device risk scores Perform penetration testing None You have used Cisco Configuration Professional to enable Cisco IOS IPS. Which state must a signature in before any actions can be taken when an attack matches that signature? enabled, unretired, and successfully complied successfully complied and enabled successfully complied None Which of the following syslog level is associated with LOG_Warning? 0 1 2 3 4 Which of the following type of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose that applies) SSL clientless remote-access VPNs IPsec site-to-site VPNs IPsec client remote-access VPNs All of the above What is the purpose of using Cisco ASA appliance web launch SSL VPN feature? to enable users to login to a web portal to download and launch the Any Connect client to enable split tunneling when using client less SSL VPN access to enable single-sign-on so the SSL VPN users need only log in once to optimize the SSL VPN connections using DTLS . Which of the following type of NAT will be used when you translate multiple internal IP addresses to a single global routable IP address? dynamic PAT dynamic NAT policy NAT policy PAT Which of the following can be used to authenticate the IPSec peering during IKE Phase 1? ACS Server Diffie-Hellman Nonce pre-shared key AH Which of the following location is recommended for extended ACLs? a location as close to the source traffic as possible a location as close to the destination traffic as possible Both 1,2 None of the above Which of the following mode of access can be delivered by SSL VPN? (Choose that applies) full tunnel client thin client TLS tunnel mode clientless Loading … Question 1 of 10
